Flex SSO URL Migration Guide
Twilio is launching a new Console. Some screenshots on this page may show the Legacy Console and therefore may no longer be accurate. We are working to update all screenshots to reflect the new Console experience. Learn more about the new Console.
We have deprecated the preview.twilio.com SSO URL. This guide will explain how to migrate to the iam.twilio.com SSO URL.
This guide will show you how to modify your SSO configuration on both your Identity Provider and Twilio so that you can authenticate users and enable Single Sign-On with the iam.twilio.com SSO URL. If you haven’t configured SSO for your Flex instance, please see our Configuring Single Sign-on and Identity Provider integration guide.
Single Sign-On for Flex is now Generally Available and we have updated the SSO URL from https://preview.twilio.com/iam/Accounts/<YOUR ACCOUNT SID HERE>/saml2 to https://iam.twilio.com/v1/Accounts/<YOUR ACCOUNT SID HERE>/saml2.
In order to migrate to the new SSO URL you’ll need to
- Update your configuration on your IDP
- Configure the Twilio SSO URL you are using in the Twilio Console
You must complete these steps immediately after each other. Please ensure that you have access to your IdP and your Twilio account before migrating to the new Flex SSO URL.
Updating your IDP configuration
Okta
In the Basic Settings for the Okta Application you need to update both:
- The SAML Single Sign On URL https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2.
- The Audience URI from https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata. Note the addition of metadata addition at the end of the Audience URI.
Make sure to replace the Account SID (ACxxxx) with your real Account SID.
Turn on the checkbox labeled “Use this for Recipient URL & Destination URL’ and add the Audience URI with `/metadata` at the end of the `iam` URL.
Okta will auto-populate the Recipient URL and Destination URL. Once you’re finished editing your settings, your configuration should look like the following:
- Single sign-on URL: https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
- Recipient URL: https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
- Destination URL: https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
- Audience URI (SP Entity ID): https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata
Now you need to update the Twilio SSO URL in the Twilio Console to complete the migration
Microsoft Azure
In the Basic SAML Configuration update:
- The Identifier (Entity ID): https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata. Note the addition of metadata addition at the end of the Identifier (Entity ID).
- The Reply URL from https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2.
Make sure to replace the Account SID (ACxxxx) with your real Account SID.
Now you need to update the Twilio SSO URL in the Twilio Console to complete the migration
Go to your Google SAML Apps and click on your Flex SAML app. Then click into your Service Provider Details and update:
- The ACS URL: https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
- The Entity ID from https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata. Note the addition of metadata addition at the end of the Entity ID.
Make sure to replace the Account SID (ACxxxx) with your real Account SID.
Now you need to update the Twilio SSO URL in the Twilio Console to complete the migration
Salesforce
In the Web App Settings update:
- The ACS URL: https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2
- The Entity ID from https://preview.twilio.com/iam/Accounts/ACxxxx/saml2 to https://iam.twilio.com/v1/Accounts/ACxxxx/saml2/metadata. Note the addition of metadata addition at the end of the Entity ID.
Make sure to replace the Account SID (ACxxxx) with your real Account SID.
Now you need to update the Twilio SSO URL in the Twilio Console to complete the migration
Updating your Twilio SSO URL to iam.twilio.com
Immediately after you’ve made the above change on the configuration on your IDP to use the iam.twilio.com URL you should update the Twilio SSO URL for your account. You can do this in the Flex Console Single Sign-on settings page by selecting the USES IAM.TWILIO.COM radio button and saving your changes.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.
